Return-Path: X-Original-To: apmail-syncope-commits-archive@www.apache.org Delivered-To: apmail-syncope-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id DFC8917913 for ; Tue, 21 Apr 2015 07:49:17 +0000 (UTC) Received: (qmail 29480 invoked by uid 500); 21 Apr 2015 07:49:17 -0000 Delivered-To: apmail-syncope-commits-archive@syncope.apache.org Received: (qmail 29409 invoked by uid 500); 21 Apr 2015 07:49:17 -0000 Mailing-List: contact commits-help@syncope.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@syncope.apache.org Delivered-To: mailing list commits@syncope.apache.org Received: (qmail 28578 invoked by uid 99); 21 Apr 2015 07:49:17 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 21 Apr 2015 07:49:17 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id 3DF43E0D5B; Tue, 21 Apr 2015 07:49:17 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: ilgrosso@apache.org To: commits@syncope.apache.org Date: Tue, 21 Apr 2015 07:49:39 -0000 Message-Id: <6d0583e152ab405f8dcf5da8bd797fa4@git.apache.org> In-Reply-To: <8fc77f2fcee04167a6800184b8060333@git.apache.org> References: <8fc77f2fcee04167a6800184b8060333@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: [24/40] syncope git commit: [SYNCOPE-119] New security model implemented http://git-wip-us.apache.org/repos/asf/syncope/blob/65d652af/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/AbstractSyncResultHandler.java ---------------------------------------------------------------------- diff --git a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/AbstractSyncResultHandler.java b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/AbstractSyncResultHandler.java index 3067ca5..5f006d0 100644 --- a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/AbstractSyncResultHandler.java +++ b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/AbstractSyncResultHandler.java @@ -30,12 +30,12 @@ import org.apache.syncope.common.lib.types.MatchingRule; import org.apache.syncope.common.lib.types.ResourceOperation; import org.apache.syncope.common.lib.types.UnmatchingRule; import org.apache.syncope.core.persistence.api.dao.NotFoundException; -import org.apache.syncope.core.persistence.api.entity.AttributableUtil; +import org.apache.syncope.core.persistence.api.entity.AttributableUtils; import org.apache.syncope.core.persistence.api.entity.task.SyncTask; import org.apache.syncope.core.provisioning.api.AttributableTransformer; import org.apache.syncope.core.provisioning.api.propagation.PropagationException; import org.apache.syncope.core.provisioning.api.sync.SyncActions; -import org.apache.syncope.core.misc.security.UnauthorizedGroupException; +import org.apache.syncope.core.misc.security.UnauthorizedException; import org.apache.syncope.core.provisioning.api.sync.ProvisioningResult; import org.apache.syncope.core.provisioning.api.sync.SyncopeSyncResultHandler; import org.identityconnectors.framework.common.objects.SyncDelta; @@ -47,12 +47,12 @@ public abstract class AbstractSyncResultHandler extends AbstractSyncopeResultHan implements SyncopeSyncResultHandler { @Autowired - protected SyncUtilities syncUtilities; + protected SyncUtils syncUtilities; @Autowired protected AttributableTransformer attrTransformer; - protected abstract AttributableUtil getAttributableUtil(); + protected abstract AttributableUtils getAttributableUtils(); protected abstract String getName(AbstractSubjectTO subjectTO); @@ -83,7 +83,7 @@ public abstract class AbstractSyncResultHandler extends AbstractSyncopeResultHan } } - protected List assign(final SyncDelta delta, final AttributableUtil attrUtil) + protected List assign(final SyncDelta delta, final AttributableUtils attrUtils) throws JobExecutionException { if (!profile.getTask().isPerformCreate()) { LOG.debug("SyncTask not configured for create"); @@ -91,13 +91,13 @@ public abstract class AbstractSyncResultHandler extends AbstractSyncopeResultHan } final AbstractSubjectTO subjectTO = - connObjectUtil.getSubjectTO(delta.getObject(), profile.getTask(), attrUtil); + connObjectUtils.getSubjectTO(delta.getObject(), profile.getTask(), attrUtils); subjectTO.getResources().add(profile.getTask().getResource().getKey()); final ProvisioningResult result = new ProvisioningResult(); result.setOperation(ResourceOperation.CREATE); - result.setSubjectType(attrUtil.getType()); + result.setSubjectType(attrUtils.getType()); result.setStatus(ProvisioningResult.Status.SUCCESS); // Attributable transformation (if configured) @@ -114,13 +114,13 @@ public abstract class AbstractSyncResultHandler extends AbstractSyncopeResultHan _delta = action.beforeAssign(this.getProfile(), _delta, transformed); } - create(transformed, _delta, attrUtil, UnmatchingRule.toEventName(UnmatchingRule.ASSIGN), result); + create(transformed, _delta, attrUtils, UnmatchingRule.toEventName(UnmatchingRule.ASSIGN), result); } return Collections.singletonList(result); } - protected List create(final SyncDelta delta, final AttributableUtil attrUtil) + protected List create(final SyncDelta delta, final AttributableUtils attrUtils) throws JobExecutionException { if (!profile.getTask().isPerformCreate()) { @@ -129,7 +129,7 @@ public abstract class AbstractSyncResultHandler extends AbstractSyncopeResultHan } final AbstractSubjectTO subjectTO = - connObjectUtil.getSubjectTO(delta.getObject(), profile.getTask(), attrUtil); + connObjectUtils.getSubjectTO(delta.getObject(), profile.getTask(), attrUtils); // Attributable transformation (if configured) AbstractSubjectTO transformed = attrTransformer.transform(subjectTO); @@ -137,7 +137,7 @@ public abstract class AbstractSyncResultHandler extends AbstractSyncopeResultHan final ProvisioningResult result = new ProvisioningResult(); result.setOperation(ResourceOperation.CREATE); - result.setSubjectType(attrUtil.getType()); + result.setSubjectType(attrUtils.getType()); result.setStatus(ProvisioningResult.Status.SUCCESS); result.setName(getName(transformed)); @@ -150,7 +150,7 @@ public abstract class AbstractSyncResultHandler extends AbstractSyncopeResultHan _delta = action.beforeProvision(this.getProfile(), _delta, transformed); } - create(transformed, _delta, attrUtil, UnmatchingRule.toEventName(UnmatchingRule.PROVISION), result); + create(transformed, _delta, attrUtils, UnmatchingRule.toEventName(UnmatchingRule.PROVISION), result); } return Collections.singletonList(result); @@ -159,7 +159,7 @@ public abstract class AbstractSyncResultHandler extends AbstractSyncopeResultHan private void create( final AbstractSubjectTO subjectTO, final SyncDelta delta, - final AttributableUtil attrUtil, + final AttributableUtils attrUtils, final String operation, final ProvisioningResult result) throws JobExecutionException { @@ -179,13 +179,13 @@ public abstract class AbstractSyncResultHandler extends AbstractSyncopeResultHan } catch (PropagationException e) { // A propagation failure doesn't imply a synchronization failure. // The propagation exception status will be reported into the propagation task execution. - LOG.error("Could not propagate {} {}", attrUtil.getType(), delta.getUid().getUidValue(), e); + LOG.error("Could not propagate {} {}", attrUtils.getType(), delta.getUid().getUidValue(), e); output = e; resultStatus = Result.FAILURE; } catch (Exception e) { result.setStatus(ProvisioningResult.Status.FAILURE); result.setMessage(ExceptionUtils.getRootCauseMessage(e)); - LOG.error("Could not create {} {} ", attrUtil.getType(), delta.getUid().getUidValue(), e); + LOG.error("Could not create {} {} ", attrUtils.getType(), delta.getUid().getUidValue(), e); output = e; resultStatus = Result.FAILURE; } @@ -194,7 +194,7 @@ public abstract class AbstractSyncResultHandler extends AbstractSyncopeResultHan } protected List update(SyncDelta delta, final List subjects, - final AttributableUtil attrUtil) + final AttributableUtils attrUtils) throws JobExecutionException { if (!profile.getTask().isPerformUpdate()) { @@ -211,14 +211,14 @@ public abstract class AbstractSyncResultHandler extends AbstractSyncopeResultHan final ProvisioningResult result = new ProvisioningResult(); result.setOperation(ResourceOperation.UPDATE); - result.setSubjectType(attrUtil.getType()); + result.setSubjectType(attrUtils.getType()); result.setStatus(ProvisioningResult.Status.SUCCESS); result.setId(key); AbstractSubjectTO before = getSubjectTO(key); if (before == null) { result.setStatus(ProvisioningResult.Status.FAILURE); - result.setMessage(String.format("Subject '%s(%d)' not found", attrUtil.getType().name(), key)); + result.setMessage(String.format("Subject '%s(%d)' not found", attrUtils.getType().name(), key)); } else { result.setName(getName(before)); } @@ -250,17 +250,17 @@ public abstract class AbstractSyncResultHandler extends AbstractSyncopeResultHan output = updated; resultStatus = Result.SUCCESS; result.setName(getName(updated)); - LOG.debug("{} {} successfully updated", attrUtil.getType(), key); + LOG.debug("{} {} successfully updated", attrUtils.getType(), key); } catch (PropagationException e) { // A propagation failure doesn't imply a synchronization failure. // The propagation exception status will be reported into the propagation task execution. - LOG.error("Could not propagate {} {}", attrUtil.getType(), delta.getUid().getUidValue(), e); + LOG.error("Could not propagate {} {}", attrUtils.getType(), delta.getUid().getUidValue(), e); output = e; resultStatus = Result.FAILURE; } catch (Exception e) { result.setStatus(ProvisioningResult.Status.FAILURE); result.setMessage(ExceptionUtils.getRootCauseMessage(e)); - LOG.error("Could not update {} {}", attrUtil.getType(), delta.getUid().getUidValue(), e); + LOG.error("Could not update {} {}", attrUtils.getType(), delta.getUid().getUidValue(), e); output = e; resultStatus = Result.FAILURE; } @@ -275,7 +275,7 @@ public abstract class AbstractSyncResultHandler extends AbstractSyncopeResultHan protected List deprovision( SyncDelta delta, final List subjects, - final AttributableUtil attrUtil, + final AttributableUtils attrUtils, final boolean unlink) throws JobExecutionException { @@ -296,7 +296,7 @@ public abstract class AbstractSyncResultHandler extends AbstractSyncopeResultHan final ProvisioningResult result = new ProvisioningResult(); result.setOperation(ResourceOperation.DELETE); - result.setSubjectType(attrUtil.getType()); + result.setSubjectType(attrUtils.getType()); result.setStatus(ProvisioningResult.Status.SUCCESS); result.setId(id); @@ -304,7 +304,7 @@ public abstract class AbstractSyncResultHandler extends AbstractSyncopeResultHan if (before == null) { result.setStatus(ProvisioningResult.Status.FAILURE); - result.setMessage(String.format("Subject '%s(%d)' not found", attrUtil.getType().name(), id)); + result.setMessage(String.format("Subject '%s(%d)' not found", attrUtils.getType().name(), id)); } if (!profile.isDryRun()) { @@ -333,17 +333,17 @@ public abstract class AbstractSyncResultHandler extends AbstractSyncopeResultHan } resultStatus = Result.SUCCESS; - LOG.debug("{} {} successfully updated", attrUtil.getType(), id); + LOG.debug("{} {} successfully updated", attrUtils.getType(), id); } catch (PropagationException e) { // A propagation failure doesn't imply a synchronization failure. // The propagation exception status will be reported into the propagation task execution. - LOG.error("Could not propagate {} {}", attrUtil.getType(), delta.getUid().getUidValue(), e); + LOG.error("Could not propagate {} {}", attrUtils.getType(), delta.getUid().getUidValue(), e); output = e; resultStatus = Result.FAILURE; } catch (Exception e) { result.setStatus(ProvisioningResult.Status.FAILURE); result.setMessage(ExceptionUtils.getRootCauseMessage(e)); - LOG.error("Could not update {} {}", attrUtil.getType(), delta.getUid().getUidValue(), e); + LOG.error("Could not update {} {}", attrUtils.getType(), delta.getUid().getUidValue(), e); output = e; resultStatus = Result.FAILURE; } @@ -361,7 +361,7 @@ public abstract class AbstractSyncResultHandler extends AbstractSyncopeResultHan protected List link( SyncDelta delta, final List subjects, - final AttributableUtil attrUtil, + final AttributableUtils attrUtils, final boolean unlink) throws JobExecutionException { @@ -382,7 +382,7 @@ public abstract class AbstractSyncResultHandler extends AbstractSyncopeResultHan final ProvisioningResult result = new ProvisioningResult(); result.setOperation(ResourceOperation.NONE); - result.setSubjectType(attrUtil.getType()); + result.setSubjectType(attrUtils.getType()); result.setStatus(ProvisioningResult.Status.SUCCESS); result.setId(id); @@ -390,7 +390,7 @@ public abstract class AbstractSyncResultHandler extends AbstractSyncopeResultHan if (before == null) { result.setStatus(ProvisioningResult.Status.FAILURE); - result.setMessage(String.format("Subject '%s(%d)' not found", attrUtil.getType().name(), id)); + result.setMessage(String.format("Subject '%s(%d)' not found", attrUtils.getType().name(), id)); } if (!profile.isDryRun()) { @@ -418,17 +418,17 @@ public abstract class AbstractSyncResultHandler extends AbstractSyncopeResultHan } resultStatus = Result.SUCCESS; - LOG.debug("{} {} successfully updated", attrUtil.getType(), id); + LOG.debug("{} {} successfully updated", attrUtils.getType(), id); } catch (PropagationException e) { // A propagation failure doesn't imply a synchronization failure. // The propagation exception status will be reported into the propagation task execution. - LOG.error("Could not propagate {} {}", attrUtil.getType(), delta.getUid().getUidValue(), e); + LOG.error("Could not propagate {} {}", attrUtils.getType(), delta.getUid().getUidValue(), e); output = e; resultStatus = Result.FAILURE; } catch (Exception e) { result.setStatus(ProvisioningResult.Status.FAILURE); result.setMessage(ExceptionUtils.getRootCauseMessage(e)); - LOG.error("Could not update {} {}", attrUtil.getType(), delta.getUid().getUidValue(), e); + LOG.error("Could not update {} {}", attrUtils.getType(), delta.getUid().getUidValue(), e); output = e; resultStatus = Result.FAILURE; } @@ -443,7 +443,7 @@ public abstract class AbstractSyncResultHandler extends AbstractSyncopeResultHan } protected List delete( - SyncDelta delta, final List subjects, final AttributableUtil attrUtil) + SyncDelta delta, final List subjects, final AttributableUtils attrUtils) throws JobExecutionException { if (!profile.getTask().isPerformDelete()) { @@ -468,7 +468,7 @@ public abstract class AbstractSyncResultHandler extends AbstractSyncopeResultHan result.setId(id); result.setName(getName(before)); result.setOperation(ResourceOperation.DELETE); - result.setSubjectType(attrUtil.getType()); + result.setSubjectType(attrUtils.getType()); result.setStatus(ProvisioningResult.Status.SUCCESS); if (!profile.isDryRun()) { @@ -483,7 +483,7 @@ public abstract class AbstractSyncResultHandler extends AbstractSyncopeResultHan } catch (Exception e) { result.setStatus(ProvisioningResult.Status.FAILURE); result.setMessage(ExceptionUtils.getRootCauseMessage(e)); - LOG.error("Could not delete {} {}", attrUtil.getType(), id, e); + LOG.error("Could not delete {} {}", attrUtils.getType(), id, e); output = e; } @@ -497,18 +497,18 @@ public abstract class AbstractSyncResultHandler extends AbstractSyncopeResultHan delResults.add(result); } catch (NotFoundException e) { - LOG.error("Could not find {} {}", attrUtil.getType(), id, e); - } catch (UnauthorizedGroupException e) { - LOG.error("Not allowed to read {} {}", attrUtil.getType(), id, e); + LOG.error("Could not find {} {}", attrUtils.getType(), id, e); + } catch (UnauthorizedException e) { + LOG.error("Not allowed to read {} {}", attrUtils.getType(), id, e); } catch (Exception e) { - LOG.error("Could not delete {} {}", attrUtil.getType(), id, e); + LOG.error("Could not delete {} {}", attrUtils.getType(), id, e); } } return delResults; } - private List ignore(SyncDelta delta, final AttributableUtil attrUtil, final boolean matching) + private List ignore(SyncDelta delta, final AttributableUtils attrUtils, final boolean matching) throws JobExecutionException { LOG.debug("Subject to ignore {}", delta.getObject().getUid().getUidValue()); @@ -519,7 +519,7 @@ public abstract class AbstractSyncResultHandler extends AbstractSyncopeResultHan result.setId(null); result.setName(delta.getObject().getUid().getUidValue()); result.setOperation(ResourceOperation.NONE); - result.setSubjectType(attrUtil.getType()); + result.setSubjectType(attrUtils.getType()); result.setStatus(ProvisioningResult.Status.SUCCESS); ignoreResults.add(result); @@ -541,7 +541,7 @@ public abstract class AbstractSyncResultHandler extends AbstractSyncopeResultHan protected final void doHandle(final SyncDelta delta) throws JobExecutionException { - final AttributableUtil attrUtil = getAttributableUtil(); + final AttributableUtils attrUtils = getAttributableUtils(); LOG.debug("Process {} for {} as {}", delta.getDeltaType(), delta.getUid().getUidValue(), delta.getObject().getObjectClass()); @@ -552,7 +552,7 @@ public abstract class AbstractSyncResultHandler extends AbstractSyncopeResultHan try { List subjectKeys = syncUtilities.findExisting( - uid, delta.getObject(), profile.getTask().getResource(), attrUtil); + uid, delta.getObject(), profile.getTask().getResource(), attrUtils); if (subjectKeys.size() > 1) { switch (profile.getResAct()) { @@ -576,13 +576,13 @@ public abstract class AbstractSyncResultHandler extends AbstractSyncopeResultHan if (subjectKeys.isEmpty()) { switch (profile.getTask().getUnmatchingRule()) { case ASSIGN: - profile.getResults().addAll(assign(delta, attrUtil)); + profile.getResults().addAll(assign(delta, attrUtils)); break; case PROVISION: - profile.getResults().addAll(create(delta, attrUtil)); + profile.getResults().addAll(create(delta, attrUtils)); break; case IGNORE: - profile.getResults().addAll(ignore(delta, attrUtil, false)); + profile.getResults().addAll(ignore(delta, attrUtils, false)); break; default: // do nothing @@ -590,22 +590,22 @@ public abstract class AbstractSyncResultHandler extends AbstractSyncopeResultHan } else { switch (profile.getTask().getMatchingRule()) { case UPDATE: - profile.getResults().addAll(update(delta, subjectKeys, attrUtil)); + profile.getResults().addAll(update(delta, subjectKeys, attrUtils)); break; case DEPROVISION: - profile.getResults().addAll(deprovision(delta, subjectKeys, attrUtil, false)); + profile.getResults().addAll(deprovision(delta, subjectKeys, attrUtils, false)); break; case UNASSIGN: - profile.getResults().addAll(deprovision(delta, subjectKeys, attrUtil, true)); + profile.getResults().addAll(deprovision(delta, subjectKeys, attrUtils, true)); break; case LINK: - profile.getResults().addAll(link(delta, subjectKeys, attrUtil, false)); + profile.getResults().addAll(link(delta, subjectKeys, attrUtils, false)); break; case UNLINK: - profile.getResults().addAll(link(delta, subjectKeys, attrUtil, true)); + profile.getResults().addAll(link(delta, subjectKeys, attrUtils, true)); break; case IGNORE: - profile.getResults().addAll(ignore(delta, attrUtil, true)); + profile.getResults().addAll(ignore(delta, attrUtils, true)); break; default: // do nothing @@ -615,7 +615,7 @@ public abstract class AbstractSyncResultHandler extends AbstractSyncopeResultHan if (subjectKeys.isEmpty()) { LOG.debug("No match found for deletion"); } else { - profile.getResults().addAll(delete(delta, subjectKeys, attrUtil)); + profile.getResults().addAll(delete(delta, subjectKeys, attrUtils)); } } } catch (IllegalStateException | IllegalArgumentException e) { @@ -630,9 +630,8 @@ public abstract class AbstractSyncResultHandler extends AbstractSyncopeResultHan final Object output, final Object... input) { - notificationManager.createTasks( - AuditElements.EventCategoryType.SYNCHRONIZATION, - getAttributableUtil().getType().name().toLowerCase(), + notificationManager.createTasks(AuditElements.EventCategoryType.SYNCHRONIZATION, + getAttributableUtils().getType().name().toLowerCase(), profile.getTask().getResource().getKey(), event, result, @@ -640,9 +639,8 @@ public abstract class AbstractSyncResultHandler extends AbstractSyncopeResultHan output, input); - auditManager.audit( - AuditElements.EventCategoryType.SYNCHRONIZATION, - getAttributableUtil().getType().name().toLowerCase(), + auditManager.audit(AuditElements.EventCategoryType.SYNCHRONIZATION, + getAttributableUtils().getType().name().toLowerCase(), profile.getTask().getResource().getKey(), event, result, http://git-wip-us.apache.org/repos/asf/syncope/blob/65d652af/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/AbstractSyncopeResultHandler.java ---------------------------------------------------------------------- diff --git a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/AbstractSyncopeResultHandler.java b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/AbstractSyncopeResultHandler.java index ec33571..d07ad34 100644 --- a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/AbstractSyncopeResultHandler.java +++ b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/AbstractSyncopeResultHandler.java @@ -20,7 +20,7 @@ package org.apache.syncope.core.provisioning.java.sync; import org.apache.syncope.core.persistence.api.dao.GroupDAO; import org.apache.syncope.core.persistence.api.dao.UserDAO; -import org.apache.syncope.core.persistence.api.entity.AttributableUtilFactory; +import org.apache.syncope.core.persistence.api.entity.AttributableUtilsFactory; import org.apache.syncope.core.persistence.api.entity.task.ProvisioningTask; import org.apache.syncope.core.provisioning.api.GroupProvisioningManager; import org.apache.syncope.core.provisioning.api.data.GroupDataBinder; @@ -32,7 +32,7 @@ import org.apache.syncope.core.provisioning.api.sync.ProvisioningActions; import org.apache.syncope.core.provisioning.api.sync.ProvisioningProfile; import org.apache.syncope.core.provisioning.api.sync.SyncopeResultHandler; import org.apache.syncope.core.misc.AuditManager; -import org.apache.syncope.core.misc.ConnObjectUtil; +import org.apache.syncope.core.misc.ConnObjectUtils; import org.apache.syncope.core.provisioning.api.notification.NotificationManager; import org.apache.syncope.core.workflow.api.GroupWorkflowAdapter; import org.apache.syncope.core.workflow.api.UserWorkflowAdapter; @@ -55,10 +55,10 @@ public abstract class AbstractSyncopeResultHandler deprovision(final Subject sbj) { - final GroupTO before = groupTransfer.getGroupTO(Group.class.cast(sbj)); + final GroupTO before = groupDataBinder.getGroupTO(Group.class.cast(sbj)); final List noPropResources = new ArrayList<>(before.getResources()); noPropResources.remove(profile.getTask().getResource().getKey()); - taskExecutor.execute(propagationManager.getGroupDeleteTaskIds(before.getKey(), noPropResources)); + taskExecutor.execute(propagationManager.getGroupDeleteTasks(before.getKey(), noPropResources)); return groupDAO.authFetch(before.getKey()); } @Override protected Subject provision(final Subject sbj, final Boolean enabled) { - final GroupTO before = groupTransfer.getGroupTO(Group.class.cast(sbj)); + final GroupTO before = groupDataBinder.getGroupTO(Group.class.cast(sbj)); final List noPropResources = new ArrayList<>(before.getResources()); noPropResources.remove(profile.getTask().getResource().getKey()); @@ -67,7 +67,7 @@ public class GroupPushResultHandlerImpl extends AbstractPushResultHandler implem final PropagationByResource propByRes = new PropagationByResource(); propByRes.add(ResourceOperation.CREATE, profile.getTask().getResource().getKey()); - taskExecutor.execute(propagationManager.getGroupCreateTaskIds( + taskExecutor.execute(propagationManager.getGroupCreateTasks( before.getKey(), Collections.unmodifiableCollection(before.getVirAttrs()), propByRes, @@ -118,7 +118,7 @@ public class GroupPushResultHandlerImpl extends AbstractPushResultHandler implem @Override protected AbstractSubjectTO getSubjectTO(final long key) { try { - return groupTransfer.getGroupTO(key); + return groupDataBinder.getGroupTO(key); } catch (Exception e) { LOG.warn("Error retrieving user {}", key, e); return null; http://git-wip-us.apache.org/repos/asf/syncope/blob/65d652af/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/GroupSyncResultHandlerImpl.java ---------------------------------------------------------------------- diff --git a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/GroupSyncResultHandlerImpl.java b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/GroupSyncResultHandlerImpl.java index b52cc0c..36e3215 100644 --- a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/GroupSyncResultHandlerImpl.java +++ b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/GroupSyncResultHandlerImpl.java @@ -30,7 +30,7 @@ import org.apache.syncope.common.lib.to.AbstractSubjectTO; import org.apache.syncope.common.lib.to.PropagationStatus; import org.apache.syncope.common.lib.to.GroupTO; import org.apache.syncope.common.lib.types.AttributableType; -import org.apache.syncope.core.persistence.api.entity.AttributableUtil; +import org.apache.syncope.core.persistence.api.entity.AttributableUtils; import org.apache.syncope.core.provisioning.api.sync.ProvisioningResult; import org.apache.syncope.core.provisioning.api.sync.GroupSyncResultHandler; import org.identityconnectors.framework.common.objects.SyncDelta; @@ -45,8 +45,8 @@ public class GroupSyncResultHandlerImpl extends AbstractSyncResultHandler implem } @Override - protected AttributableUtil getAttributableUtil() { - return attrUtilFactory.getInstance(AttributableType.GROUP); + protected AttributableUtils getAttributableUtils() { + return attrUtilsFactory.getInstance(AttributableType.GROUP); } @Override @@ -57,7 +57,7 @@ public class GroupSyncResultHandlerImpl extends AbstractSyncResultHandler implem @Override protected AbstractSubjectTO getSubjectTO(final long key) { try { - return groupTransfer.getGroupTO(key); + return groupDataBinder.getGroupTO(key); } catch (Exception e) { LOG.warn("Error retrieving group {}", key, e); return null; @@ -68,12 +68,12 @@ public class GroupSyncResultHandlerImpl extends AbstractSyncResultHandler implem protected AbstractSubjectMod getSubjectMod( final AbstractSubjectTO subjectTO, final SyncDelta delta) { - return connObjectUtil.getAttributableMod( + return connObjectUtils.getAttributableMod( subjectTO.getKey(), delta.getObject(), subjectTO, profile.getTask(), - attrUtilFactory.getInstance(AttributableType.GROUP)); + attrUtilsFactory.getInstance(AttributableType.GROUP)); } @Override @@ -85,7 +85,7 @@ public class GroupSyncResultHandlerImpl extends AbstractSyncResultHandler implem Map.Entry> created = groupProvisioningManager.create(groupTO, groupOwnerMap, Collections.singleton(profile.getTask().getResource().getKey())); - groupTO = groupTransfer.getGroupTO(created.getKey()); + groupTO = groupDataBinder.getGroupTO(created.getKey()); result.setId(created.getKey()); result.setName(getName(subjectTO)); @@ -108,7 +108,7 @@ public class GroupSyncResultHandlerImpl extends AbstractSyncResultHandler implem groupMod.getResourcesToAdd().add(profile.getTask().getResource().getKey()); } - return groupTransfer.getGroupTO(gwfAdapter.update(groupMod).getResult()); + return groupDataBinder.getGroupTO(gwfAdapter.update(groupMod).getResult()); } @Override @@ -133,7 +133,7 @@ public class GroupSyncResultHandlerImpl extends AbstractSyncResultHandler implem groupOwnerMap.put(updated.getKey(), groupOwner); } - final GroupTO after = groupTransfer.getGroupTO(updated.getKey()); + final GroupTO after = groupDataBinder.getGroupTO(updated.getKey()); result.setName(getName(after)); @@ -143,7 +143,7 @@ public class GroupSyncResultHandlerImpl extends AbstractSyncResultHandler implem @Override protected void deprovision(final Long id, final boolean unlink) { taskExecutor.execute( - propagationManager.getGroupDeleteTaskIds(id, profile.getTask().getResource().getKey())); + propagationManager.getGroupDeleteTasks(id, profile.getTask().getResource().getKey())); if (unlink) { final UserMod userMod = new UserMod(); @@ -156,7 +156,7 @@ public class GroupSyncResultHandlerImpl extends AbstractSyncResultHandler implem protected void delete(final Long id) { try { taskExecutor.execute( - propagationManager.getGroupDeleteTaskIds(id, profile.getTask().getResource().getKey())); + propagationManager.getGroupDeleteTasks(id, profile.getTask().getResource().getKey())); } catch (Exception e) { // A propagation failure doesn't imply a synchronization failure. // The propagation exception status will be reported into the propagation task execution. http://git-wip-us.apache.org/repos/asf/syncope/blob/65d652af/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/LDAPMembershipSyncActions.java ---------------------------------------------------------------------- diff --git a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/LDAPMembershipSyncActions.java b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/LDAPMembershipSyncActions.java index 526b494..fc68ec0 100644 --- a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/LDAPMembershipSyncActions.java +++ b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/LDAPMembershipSyncActions.java @@ -24,6 +24,7 @@ import java.util.List; import java.util.Map; import org.apache.commons.collections4.CollectionUtils; import org.apache.commons.collections4.Predicate; +import org.apache.commons.lang3.tuple.Pair; import org.apache.syncope.common.lib.mod.AbstractSubjectMod; import org.apache.syncope.common.lib.mod.MembershipMod; import org.apache.syncope.common.lib.mod.UserMod; @@ -87,7 +88,7 @@ public class LDAPMembershipSyncActions extends DefaultSyncActions { private AuditManager auditManager; @Autowired - private SyncUtilities syncUtilities; + private SyncUtils syncUtilities; protected Map membersBeforeGroupUpdate = Collections.emptyMap(); @@ -205,12 +206,12 @@ public class LDAPMembershipSyncActions extends DefaultSyncActions { Result result; - WorkflowResult> updated = null; + WorkflowResult> updated = null; try { updated = uwfAdapter.update(userMod); - List tasks = propagationManager.getUserUpdateTaskIds( + List tasks = propagationManager.getUserUpdateTasks( updated, false, Collections.singleton(resourceName)); taskExecutor.execute(tasks); http://git-wip-us.apache.org/repos/asf/syncope/blob/65d652af/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/PushJobImpl.java ---------------------------------------------------------------------- diff --git a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/PushJobImpl.java b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/PushJobImpl.java index 5716eb7..7bec3af 100644 --- a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/PushJobImpl.java +++ b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/PushJobImpl.java @@ -20,10 +20,9 @@ package org.apache.syncope.core.provisioning.java.sync; import java.util.Collections; import java.util.List; -import java.util.Set; import org.apache.commons.lang3.StringUtils; +import org.apache.syncope.common.lib.SyncopeConstants; import org.apache.syncope.common.lib.types.SubjectType; -import org.apache.syncope.core.persistence.api.GroupEntitlementUtil; import org.apache.syncope.core.persistence.api.dao.GroupDAO; import org.apache.syncope.core.persistence.api.dao.SubjectSearchDAO; import org.apache.syncope.core.persistence.api.dao.UserDAO; @@ -83,8 +82,6 @@ public class PushJobImpl extends AbstractProvisioningJob final boolean dryRun) throws JobExecutionException { LOG.debug("Execute synchronization (push) with resource {}", pushTask.getResource()); - final Set authorizations = GroupEntitlementUtil.getGroupKeys(entitlementDAO.findAll()); - final ProvisioningProfile profile = new ProvisioningProfile<>(connector, pushTask); if (actions != null) { profile.getActions().addAll(actions); @@ -109,9 +106,13 @@ public class PushJobImpl extends AbstractProvisioningJob } if (uMapping != null) { - final int count = userDAO.count(authorizations); + final int count = userDAO.count(SyncopeConstants.FULL_ADMIN_REALMS); for (int page = 1; page <= (count / PAGE_SIZE) + 1; page++) { - final List localUsers = getUsers(authorizations, pushTask, page); + final List localUsers = StringUtils.isBlank(pushTask.getUserFilter()) + ? userDAO.findAll(SyncopeConstants.FULL_ADMIN_REALMS, page, PAGE_SIZE) + : searchDAO.search(SyncopeConstants.FULL_ADMIN_REALMS, + SearchCondConverter.convert(pushTask.getUserFilter()), + Collections.emptyList(), SubjectType.USER); for (User localUser : localUsers) { try { @@ -126,15 +127,22 @@ public class PushJobImpl extends AbstractProvisioningJob } if (rMapping != null) { - final List localGroups = geGroups(authorizations, pushTask); - - for (Group localGroup : localGroups) { - try { - // group propagation - rhandler.handle(localGroup.getKey()); - } catch (Exception e) { - LOG.warn("Failure pushing group '{}' on '{}'", localGroup, pushTask.getResource(), e); - throw new JobExecutionException("While pushing groups on connector", e); + final int count = groupDAO.count(SyncopeConstants.FULL_ADMIN_REALMS); + for (int page = 1; page <= (count / PAGE_SIZE) + 1; page++) { + final List localGroups = StringUtils.isBlank(pushTask.getGroupFilter()) + ? groupDAO.findAll(SyncopeConstants.FULL_ADMIN_REALMS, page, PAGE_SIZE) + : searchDAO.search(SyncopeConstants.FULL_ADMIN_REALMS, + SearchCondConverter.convert(pushTask.getGroupFilter()), + Collections.emptyList(), SubjectType.GROUP); + + for (Group localGroup : localGroups) { + try { + // group propagation + rhandler.handle(localGroup.getKey()); + } catch (Exception e) { + LOG.warn("Failure pushing group '{}' on '{}'", localGroup, pushTask.getResource(), e); + throw new JobExecutionException("While pushing groups on connector", e); + } } } } @@ -151,25 +159,4 @@ public class PushJobImpl extends AbstractProvisioningJob return result; } - - private List getUsers(final Set authorizations, final PushTask pushTask, final int page) { - final String filter = pushTask.getUserFilter(); - if (StringUtils.isBlank(filter)) { - return userDAO.findAll(authorizations, page, PAGE_SIZE); - } else { - return searchDAO.search( - authorizations, SearchCondConverter.convert(filter), - Collections.emptyList(), SubjectType.USER); - } - } - - private List geGroups(final Set authorizations, final PushTask pushTask) { - final String filter = pushTask.getGroupFilter(); - if (StringUtils.isBlank(filter)) { - return groupDAO.findAll(); - } else { - return searchDAO.search(authorizations, SearchCondConverter.convert(filter), - Collections.emptyList(), SubjectType.GROUP); - } - } } http://git-wip-us.apache.org/repos/asf/syncope/blob/65d652af/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/SyncJobImpl.java ---------------------------------------------------------------------- diff --git a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/SyncJobImpl.java b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/SyncJobImpl.java index 9b49d6a..28cd5b4 100644 --- a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/SyncJobImpl.java +++ b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/SyncJobImpl.java @@ -25,7 +25,6 @@ import org.apache.syncope.common.lib.mod.GroupMod; import org.apache.syncope.common.lib.types.SyncPolicySpec; import org.apache.syncope.core.persistence.api.dao.NotFoundException; import org.apache.syncope.core.persistence.api.entity.ExternalResource; -import org.apache.syncope.core.persistence.api.entity.SyncPolicy; import org.apache.syncope.core.persistence.api.entity.group.GMapping; import org.apache.syncope.core.persistence.api.entity.task.ProvisioningTask; import org.apache.syncope.core.persistence.api.entity.task.SyncTask; @@ -33,7 +32,7 @@ import org.apache.syncope.core.persistence.api.entity.user.UMapping; import org.apache.syncope.core.provisioning.api.Connector; import org.apache.syncope.core.provisioning.api.sync.ProvisioningProfile; import org.apache.syncope.core.provisioning.api.sync.SyncActions; -import org.apache.syncope.core.misc.security.UnauthorizedGroupException; +import org.apache.syncope.core.misc.security.UnauthorizedException; import org.apache.syncope.core.misc.spring.ApplicationContextProvider; import org.apache.syncope.core.provisioning.api.job.SyncJob; import org.apache.syncope.core.provisioning.api.sync.GroupSyncResultHandler; @@ -60,10 +59,10 @@ public class SyncJobImpl extends AbstractProvisioningJob private GroupWorkflowAdapter gwfAdapter; @Autowired - protected SyncUtilities syncUtilities; + protected SyncUtils syncUtilities; protected void setGroupOwners(final GroupSyncResultHandler rhandler) - throws UnauthorizedGroupException, NotFoundException { + throws UnauthorizedException, NotFoundException { for (Map.Entry entry : rhandler.getGroupOwnerMap().entrySet()) { GroupMod groupMod = new GroupMod(); @@ -193,7 +192,7 @@ public class SyncJobImpl extends AbstractProvisioningJob } } - final String result = createReport(profile.getResults(), syncTask.getResource().getSyncTraceLevel(), dryRun); + String result = createReport(profile.getResults(), syncTask.getResource().getSyncTraceLevel(), dryRun); LOG.debug("Sync result: {}", result); @@ -204,11 +203,9 @@ public class SyncJobImpl extends AbstractProvisioningJob SyncPolicySpec syncPolicySpec; if (task instanceof SyncTask) { - final SyncPolicy syncPolicy = task.getResource().getSyncPolicy() == null - ? policyDAO.getGlobalSyncPolicy() - : task.getResource().getSyncPolicy(); - - syncPolicySpec = syncPolicy == null ? null : syncPolicy.getSpecification(SyncPolicySpec.class); + syncPolicySpec = task.getResource().getSyncPolicy() == null + ? null + : task.getResource().getSyncPolicy().getSpecification(SyncPolicySpec.class); } else { syncPolicySpec = null; } http://git-wip-us.apache.org/repos/asf/syncope/blob/65d652af/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/SyncUtilities.java ---------------------------------------------------------------------- diff --git a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/SyncUtilities.java b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/SyncUtilities.java deleted file mode 100644 index 7f89474..0000000 --- a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/SyncUtilities.java +++ /dev/null @@ -1,419 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.apache.syncope.core.provisioning.java.sync; - -import java.util.ArrayList; -import java.util.Collections; -import java.util.HashMap; -import java.util.List; -import java.util.Map; -import org.apache.commons.lang3.StringUtils; -import org.apache.syncope.common.lib.types.AttributableType; -import org.apache.syncope.common.lib.types.MappingPurpose; -import org.apache.syncope.common.lib.types.SubjectType; -import org.apache.syncope.common.lib.types.SyncPolicySpec; -import org.apache.syncope.core.persistence.api.GroupEntitlementUtil; -import org.apache.syncope.core.persistence.api.attrvalue.validation.ParsingValidationException; -import org.apache.syncope.core.persistence.api.dao.EntitlementDAO; -import org.apache.syncope.core.persistence.api.dao.PlainSchemaDAO; -import org.apache.syncope.core.persistence.api.dao.PolicyDAO; -import org.apache.syncope.core.persistence.api.dao.GroupDAO; -import org.apache.syncope.core.persistence.api.dao.SubjectDAO; -import org.apache.syncope.core.persistence.api.dao.SubjectSearchDAO; -import org.apache.syncope.core.persistence.api.dao.UserDAO; -import org.apache.syncope.core.persistence.api.dao.search.AttributeCond; -import org.apache.syncope.core.persistence.api.dao.search.OrderByClause; -import org.apache.syncope.core.persistence.api.dao.search.SearchCond; -import org.apache.syncope.core.persistence.api.dao.search.SubjectCond; -import org.apache.syncope.core.persistence.api.entity.AttributableUtil; -import org.apache.syncope.core.persistence.api.entity.AttributableUtilFactory; -import org.apache.syncope.core.persistence.api.entity.ExternalResource; -import org.apache.syncope.core.persistence.api.entity.MappingItem; -import org.apache.syncope.core.persistence.api.entity.PlainAttrValue; -import org.apache.syncope.core.persistence.api.entity.PlainSchema; -import org.apache.syncope.core.persistence.api.entity.Subject; -import org.apache.syncope.core.persistence.api.entity.SyncPolicy; -import org.apache.syncope.core.persistence.api.entity.group.Group; -import org.apache.syncope.core.persistence.api.entity.task.ProvisioningTask; -import org.apache.syncope.core.persistence.api.entity.user.UDerAttr; -import org.apache.syncope.core.persistence.api.entity.user.UPlainAttr; -import org.apache.syncope.core.persistence.api.entity.user.UVirAttr; -import org.apache.syncope.core.persistence.api.entity.user.User; -import org.apache.syncope.core.provisioning.api.Connector; -import org.apache.syncope.core.provisioning.api.sync.SyncCorrelationRule; -import org.identityconnectors.framework.common.objects.Attribute; -import org.identityconnectors.framework.common.objects.AttributeUtil; -import org.identityconnectors.framework.common.objects.ConnectorObject; -import org.identityconnectors.framework.common.objects.Name; -import org.identityconnectors.framework.common.objects.ObjectClass; -import org.identityconnectors.framework.common.objects.OperationalAttributes; -import org.identityconnectors.framework.common.objects.filter.EqualsFilter; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.stereotype.Component; - -@Component -public class SyncUtilities { - - /** - * Logger. - */ - protected static final Logger LOG = LoggerFactory.getLogger(SyncUtilities.class); - - /** - * Policy DAO. - */ - @Autowired - protected PolicyDAO policyDAO; - - /** - * Entitlement DAO. - */ - @Autowired - protected EntitlementDAO entitlementDAO; - - /** - * Schema DAO. - */ - @Autowired - protected PlainSchemaDAO plainSchemaDAO; - - /** - * User DAO. - */ - @Autowired - protected UserDAO userDAO; - - /** - * Group DAO. - */ - @Autowired - protected GroupDAO groupDAO; - - /** - * Search DAO. - */ - @Autowired - protected SubjectSearchDAO searchDAO; - - @Autowired - protected AttributableUtilFactory attrUtilFactory; - - public Long findMatchingAttributableKey( - final ObjectClass oclass, - final String name, - final ExternalResource resource, - final Connector connector) { - - Long result = null; - - final AttributableUtil attrUtil = attrUtilFactory.getInstance(oclass); - - final List found = connector.search(oclass, - new EqualsFilter(new Name(name)), connector.getOperationOptions( - attrUtil.getMappingItems(resource, MappingPurpose.SYNCHRONIZATION))); - - if (found.isEmpty()) { - LOG.debug("No {} found on {} with __NAME__ {}", oclass, resource, name); - } else { - if (found.size() > 1) { - LOG.warn("More than one {} found on {} with __NAME__ {} - taking first only", oclass, resource, name); - } - - ConnectorObject connObj = found.iterator().next(); - try { - List subjectKeys = findExisting(connObj.getUid().getUidValue(), connObj, resource, attrUtil); - if (subjectKeys.isEmpty()) { - LOG.debug("No matching {} found for {}, aborting", attrUtil.getType(), connObj); - } else { - if (subjectKeys.size() > 1) { - LOG.warn("More than one {} found {} - taking first only", attrUtil.getType(), subjectKeys); - } - - result = subjectKeys.iterator().next(); - } - } catch (IllegalArgumentException e) { - LOG.warn(e.getMessage()); - } - } - - return result; - } - - private SubjectDAO getSubjectDAO(final MappingItem accountIdItem) { - return AttributableType.USER == accountIdItem.getIntMappingType().getAttributableType() ? userDAO : groupDAO; - } - - private List findByAccountIdItem( - final String uid, final ExternalResource resource, final AttributableUtil attrUtil) { - final List result = new ArrayList<>(); - - final MappingItem accountIdItem = attrUtil.getAccountIdItem(resource); - switch (accountIdItem.getIntMappingType()) { - case UserPlainSchema: - case GroupPlainSchema: - final PlainAttrValue value = attrUtil.newPlainAttrValue(); - - PlainSchema schema = plainSchemaDAO.find(accountIdItem.getIntAttrName(), attrUtil.plainSchemaClass()); - if (schema == null) { - value.setStringValue(uid); - } else { - try { - value.parseValue(schema, uid); - } catch (ParsingValidationException e) { - LOG.error("While parsing provided __UID__ {}", uid, e); - value.setStringValue(uid); - } - } - - List> subjects = - getSubjectDAO(accountIdItem).findByAttrValue(accountIdItem.getIntAttrName(), value, attrUtil); - for (Subject subject : subjects) { - result.add(subject.getKey()); - } - break; - - case UserDerivedSchema: - case GroupDerivedSchema: - subjects = getSubjectDAO(accountIdItem). - findByDerAttrValue(accountIdItem.getIntAttrName(), uid, attrUtil); - for (Subject subject : subjects) { - result.add(subject.getKey()); - } - break; - - case Username: - User user = userDAO.find(uid); - if (user != null) { - result.add(user.getKey()); - } - break; - - case UserId: - user = userDAO.find(Long.parseLong(uid)); - if (user != null) { - result.add(user.getKey()); - } - break; - - case GroupName: - List groups = groupDAO.find(uid); - for (Group group : groups) { - result.add(group.getKey()); - } - break; - - case GroupId: - Group group = groupDAO.find(Long.parseLong(uid)); - if (group != null) { - result.add(group.getKey()); - } - break; - - default: - LOG.error("Invalid accountId type '{}'", accountIdItem.getIntMappingType()); - } - - return result; - } - - private List search(final SearchCond searchCond, final SubjectType type) { - final List result = new ArrayList<>(); - - List> subjects = searchDAO.search(GroupEntitlementUtil.getGroupKeys(entitlementDAO.findAll()), - searchCond, Collections.emptyList(), type); - for (Subject subject : subjects) { - result.add(subject.getKey()); - } - - return result; - } - - private List findByCorrelationRule( - final ConnectorObject connObj, final SyncCorrelationRule rule, final SubjectType type) { - - return search(rule.getSearchCond(connObj), type); - } - - private List findByAttributableSearch( - final ConnectorObject connObj, - final List altSearchSchemas, - final ExternalResource resource, - final AttributableUtil attrUtil) { - - // search for external attribute's name/value of each specified name - final Map extValues = new HashMap<>(); - - for (MappingItem item : attrUtil.getMappingItems(resource, MappingPurpose.SYNCHRONIZATION)) { - extValues.put(item.getIntAttrName(), connObj.getAttributeByName(item.getExtAttrName())); - } - - // search for user/group by attribute(s) specified in the policy - SearchCond searchCond = null; - - for (String schema : altSearchSchemas) { - Attribute value = extValues.get(schema); - - if (value == null) { - throw new IllegalArgumentException( - "Connector object does not contains the attributes to perform the search: " + schema); - } - - AttributeCond.Type type; - String expression = null; - - if (value.getValue() == null || value.getValue().isEmpty() - || (value.getValue().size() == 1 && value.getValue().get(0) == null)) { - - type = AttributeCond.Type.ISNULL; - } else { - type = AttributeCond.Type.EQ; - expression = value.getValue().size() > 1 - ? value.getValue().toString() - : value.getValue().get(0).toString(); - } - - SearchCond nodeCond; - // users: just id or username can be selected to be used - // groups: just id or name can be selected to be used - if ("key".equalsIgnoreCase(schema) - || "username".equalsIgnoreCase(schema) || "name".equalsIgnoreCase(schema)) { - - SubjectCond cond = new SubjectCond(); - cond.setSchema(schema); - cond.setType(type); - cond.setExpression(expression); - - nodeCond = SearchCond.getLeafCond(cond); - } else { - AttributeCond cond = new AttributeCond(); - cond.setSchema(schema); - cond.setType(type); - cond.setExpression(expression); - - nodeCond = SearchCond.getLeafCond(cond); - } - - searchCond = searchCond == null - ? nodeCond - : SearchCond.getAndCond(searchCond, nodeCond); - } - - return search(searchCond, SubjectType.valueOf(attrUtil.getType().name())); - } - - private SyncCorrelationRule getCorrelationRule(final AttributableType type, final SyncPolicySpec policySpec) { - String clazz; - - switch (type) { - case USER: - clazz = policySpec.getUserJavaRule(); - break; - case GROUP: - clazz = policySpec.getGroupJavaRule(); - break; - case MEMBERSHIP: - case CONFIGURATION: - default: - clazz = null; - } - - SyncCorrelationRule res = null; - - if (StringUtils.isNotBlank(clazz)) { - try { - res = (SyncCorrelationRule) Class.forName(clazz).newInstance(); - } catch (Exception e) { - LOG.error("Failure instantiating correlation rule class '{}'", clazz, e); - } - } - - return res; - } - - private List getAltSearchSchemas(final AttributableType type, final SyncPolicySpec policySpec) { - List result = Collections.emptyList(); - - switch (type) { - case USER: - result = policySpec.getuAltSearchSchemas(); - break; - case GROUP: - result = policySpec.getrAltSearchSchemas(); - break; - case MEMBERSHIP: - case CONFIGURATION: - default: - } - - return result; - } - - /** - * Find users / groups based on mapped uid value (or previous uid value, if updated). - * - * @param uid for finding by account id - * @param connObj for finding by attribute value - * @param resource external resource - * @param attrUtil attributable util - * @return list of matching users / groups - */ - public List findExisting( - final String uid, - final ConnectorObject connObj, - final ExternalResource resource, - final AttributableUtil attrUtil) { - - SyncPolicySpec syncPolicySpec = null; - if (resource.getSyncPolicy() == null) { - SyncPolicy globalSP = policyDAO.getGlobalSyncPolicy(); - if (globalSP != null) { - syncPolicySpec = globalSP.getSpecification(SyncPolicySpec.class); - } - } else { - syncPolicySpec = resource.getSyncPolicy().getSpecification(SyncPolicySpec.class); - } - - SyncCorrelationRule syncRule = null; - List altSearchSchemas = null; - - if (syncPolicySpec != null) { - syncRule = getCorrelationRule(attrUtil.getType(), syncPolicySpec); - altSearchSchemas = getAltSearchSchemas(attrUtil.getType(), syncPolicySpec); - } - - return syncRule == null ? altSearchSchemas == null || altSearchSchemas.isEmpty() - ? findByAccountIdItem(uid, resource, attrUtil) - : findByAttributableSearch(connObj, altSearchSchemas, resource, attrUtil) - : findByCorrelationRule(connObj, syncRule, SubjectType.valueOf(attrUtil.getType().name())); - } - - public Boolean readEnabled(final ConnectorObject connectorObject, final ProvisioningTask task) { - Boolean enabled = null; - if (task.isSyncStatus()) { - Attribute status = AttributeUtil.find(OperationalAttributes.ENABLE_NAME, connectorObject.getAttributes()); - if (status != null && status.getValue() != null && !status.getValue().isEmpty()) { - enabled = (Boolean) status.getValue().get(0); - } - } - - return enabled; - } -} http://git-wip-us.apache.org/repos/asf/syncope/blob/65d652af/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/SyncUtils.java ---------------------------------------------------------------------- diff --git a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/SyncUtils.java b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/SyncUtils.java new file mode 100644 index 0000000..7dabe8f --- /dev/null +++ b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/SyncUtils.java @@ -0,0 +1,403 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.syncope.core.provisioning.java.sync; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import org.apache.commons.lang3.StringUtils; +import org.apache.syncope.common.lib.SyncopeConstants; +import org.apache.syncope.common.lib.types.AttributableType; +import org.apache.syncope.common.lib.types.MappingPurpose; +import org.apache.syncope.common.lib.types.SubjectType; +import org.apache.syncope.common.lib.types.SyncPolicySpec; +import org.apache.syncope.core.persistence.api.attrvalue.validation.ParsingValidationException; +import org.apache.syncope.core.persistence.api.dao.PlainSchemaDAO; +import org.apache.syncope.core.persistence.api.dao.PolicyDAO; +import org.apache.syncope.core.persistence.api.dao.GroupDAO; +import org.apache.syncope.core.persistence.api.dao.SubjectDAO; +import org.apache.syncope.core.persistence.api.dao.SubjectSearchDAO; +import org.apache.syncope.core.persistence.api.dao.UserDAO; +import org.apache.syncope.core.persistence.api.dao.search.AttributeCond; +import org.apache.syncope.core.persistence.api.dao.search.OrderByClause; +import org.apache.syncope.core.persistence.api.dao.search.SearchCond; +import org.apache.syncope.core.persistence.api.dao.search.SubjectCond; +import org.apache.syncope.core.persistence.api.entity.AttributableUtils; +import org.apache.syncope.core.persistence.api.entity.AttributableUtilsFactory; +import org.apache.syncope.core.persistence.api.entity.ExternalResource; +import org.apache.syncope.core.persistence.api.entity.MappingItem; +import org.apache.syncope.core.persistence.api.entity.PlainAttrValue; +import org.apache.syncope.core.persistence.api.entity.PlainSchema; +import org.apache.syncope.core.persistence.api.entity.Subject; +import org.apache.syncope.core.persistence.api.entity.group.Group; +import org.apache.syncope.core.persistence.api.entity.task.ProvisioningTask; +import org.apache.syncope.core.persistence.api.entity.user.User; +import org.apache.syncope.core.provisioning.api.Connector; +import org.apache.syncope.core.provisioning.api.sync.SyncCorrelationRule; +import org.identityconnectors.framework.common.objects.Attribute; +import org.identityconnectors.framework.common.objects.AttributeUtil; +import org.identityconnectors.framework.common.objects.ConnectorObject; +import org.identityconnectors.framework.common.objects.Name; +import org.identityconnectors.framework.common.objects.ObjectClass; +import org.identityconnectors.framework.common.objects.OperationalAttributes; +import org.identityconnectors.framework.common.objects.filter.EqualsFilter; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +@Component +public class SyncUtils { + + /** + * Logger. + */ + protected static final Logger LOG = LoggerFactory.getLogger(SyncUtils.class); + + /** + * Policy DAO. + */ + @Autowired + protected PolicyDAO policyDAO; + + /** + * Schema DAO. + */ + @Autowired + protected PlainSchemaDAO plainSchemaDAO; + + /** + * User DAO. + */ + @Autowired + protected UserDAO userDAO; + + /** + * Group DAO. + */ + @Autowired + protected GroupDAO groupDAO; + + /** + * Search DAO. + */ + @Autowired + protected SubjectSearchDAO searchDAO; + + @Autowired + protected AttributableUtilsFactory attrUtilsFactory; + + public Long findMatchingAttributableKey( + final ObjectClass oclass, + final String name, + final ExternalResource resource, + final Connector connector) { + + Long result = null; + + final AttributableUtils attrUtils = attrUtilsFactory.getInstance(oclass); + + final List found = connector.search(oclass, + new EqualsFilter(new Name(name)), connector.getOperationOptions( + attrUtils.getMappingItems(resource, MappingPurpose.SYNCHRONIZATION))); + + if (found.isEmpty()) { + LOG.debug("No {} found on {} with __NAME__ {}", oclass, resource, name); + } else { + if (found.size() > 1) { + LOG.warn("More than one {} found on {} with __NAME__ {} - taking first only", oclass, resource, name); + } + + ConnectorObject connObj = found.iterator().next(); + try { + List subjectKeys = findExisting(connObj.getUid().getUidValue(), connObj, resource, attrUtils); + if (subjectKeys.isEmpty()) { + LOG.debug("No matching {} found for {}, aborting", attrUtils.getType(), connObj); + } else { + if (subjectKeys.size() > 1) { + LOG.warn("More than one {} found {} - taking first only", attrUtils.getType(), subjectKeys); + } + + result = subjectKeys.iterator().next(); + } + } catch (IllegalArgumentException e) { + LOG.warn(e.getMessage()); + } + } + + return result; + } + + private SubjectDAO getSubjectDAO(final MappingItem accountIdItem) { + return AttributableType.USER == accountIdItem.getIntMappingType().getAttributableType() ? userDAO : groupDAO; + } + + private List findByAccountIdItem( + final String uid, final ExternalResource resource, final AttributableUtils attrUtils) { + final List result = new ArrayList<>(); + + final MappingItem accountIdItem = attrUtils.getAccountIdItem(resource); + switch (accountIdItem.getIntMappingType()) { + case UserPlainSchema: + case GroupPlainSchema: + final PlainAttrValue value = attrUtils.newPlainAttrValue(); + + PlainSchema schema = plainSchemaDAO.find(accountIdItem.getIntAttrName(), attrUtils.plainSchemaClass()); + if (schema == null) { + value.setStringValue(uid); + } else { + try { + value.parseValue(schema, uid); + } catch (ParsingValidationException e) { + LOG.error("While parsing provided __UID__ {}", uid, e); + value.setStringValue(uid); + } + } + + List> subjects = + getSubjectDAO(accountIdItem).findByAttrValue(accountIdItem.getIntAttrName(), value, attrUtils); + for (Subject subject : subjects) { + result.add(subject.getKey()); + } + break; + + case UserDerivedSchema: + case GroupDerivedSchema: + subjects = getSubjectDAO(accountIdItem). + findByDerAttrValue(accountIdItem.getIntAttrName(), uid, attrUtils); + for (Subject subject : subjects) { + result.add(subject.getKey()); + } + break; + + case Username: + User user = userDAO.find(uid); + if (user != null) { + result.add(user.getKey()); + } + break; + + case UserId: + user = userDAO.find(Long.parseLong(uid)); + if (user != null) { + result.add(user.getKey()); + } + break; + + case GroupName: + Group group = groupDAO.find(uid); + if (group != null) { + result.add(group.getKey()); + } + break; + + case GroupId: + group = groupDAO.find(Long.parseLong(uid)); + if (group != null) { + result.add(group.getKey()); + } + break; + + default: + LOG.error("Invalid accountId type '{}'", accountIdItem.getIntMappingType()); + } + + return result; + } + + private List search(final SearchCond searchCond, final SubjectType type) { + final List result = new ArrayList<>(); + + List> subjects = searchDAO.search( + SyncopeConstants.FULL_ADMIN_REALMS, searchCond, Collections.emptyList(), type); + for (Subject subject : subjects) { + result.add(subject.getKey()); + } + + return result; + } + + private List findByCorrelationRule( + final ConnectorObject connObj, final SyncCorrelationRule rule, final SubjectType type) { + + return search(rule.getSearchCond(connObj), type); + } + + private List findByAttributableSearch( + final ConnectorObject connObj, + final List altSearchSchemas, + final ExternalResource resource, + final AttributableUtils attrUtils) { + + // search for external attribute's name/value of each specified name + final Map extValues = new HashMap<>(); + + for (MappingItem item : attrUtils.getMappingItems(resource, MappingPurpose.SYNCHRONIZATION)) { + extValues.put(item.getIntAttrName(), connObj.getAttributeByName(item.getExtAttrName())); + } + + // search for user/group by attribute(s) specified in the policy + SearchCond searchCond = null; + + for (String schema : altSearchSchemas) { + Attribute value = extValues.get(schema); + + if (value == null) { + throw new IllegalArgumentException( + "Connector object does not contains the attributes to perform the search: " + schema); + } + + AttributeCond.Type type; + String expression = null; + + if (value.getValue() == null || value.getValue().isEmpty() + || (value.getValue().size() == 1 && value.getValue().get(0) == null)) { + + type = AttributeCond.Type.ISNULL; + } else { + type = AttributeCond.Type.EQ; + expression = value.getValue().size() > 1 + ? value.getValue().toString() + : value.getValue().get(0).toString(); + } + + SearchCond nodeCond; + // users: just id or username can be selected to be used + // groups: just id or name can be selected to be used + if ("key".equalsIgnoreCase(schema) + || "username".equalsIgnoreCase(schema) || "name".equalsIgnoreCase(schema)) { + + SubjectCond cond = new SubjectCond(); + cond.setSchema(schema); + cond.setType(type); + cond.setExpression(expression); + + nodeCond = SearchCond.getLeafCond(cond); + } else { + AttributeCond cond = new AttributeCond(); + cond.setSchema(schema); + cond.setType(type); + cond.setExpression(expression); + + nodeCond = SearchCond.getLeafCond(cond); + } + + searchCond = searchCond == null + ? nodeCond + : SearchCond.getAndCond(searchCond, nodeCond); + } + + return search(searchCond, SubjectType.valueOf(attrUtils.getType().name())); + } + + private SyncCorrelationRule getCorrelationRule(final AttributableType type, final SyncPolicySpec policySpec) { + String clazz; + + switch (type) { + case USER: + clazz = policySpec.getUserJavaRule(); + break; + case GROUP: + clazz = policySpec.getGroupJavaRule(); + break; + case MEMBERSHIP: + case CONFIGURATION: + default: + clazz = null; + } + + SyncCorrelationRule res = null; + + if (StringUtils.isNotBlank(clazz)) { + try { + res = (SyncCorrelationRule) Class.forName(clazz).newInstance(); + } catch (Exception e) { + LOG.error("Failure instantiating correlation rule class '{}'", clazz, e); + } + } + + return res; + } + + private List getAltSearchSchemas(final AttributableType type, final SyncPolicySpec policySpec) { + List result = Collections.emptyList(); + + switch (type) { + case USER: + result = policySpec.getuAltSearchSchemas(); + break; + case GROUP: + result = policySpec.getrAltSearchSchemas(); + break; + case MEMBERSHIP: + case CONFIGURATION: + default: + } + + return result; + } + + /** + * Find users / groups based on mapped uid value (or previous uid value, if updated). + * + * @param uid for finding by account id + * @param connObj for finding by attribute value + * @param resource external resource + * @param attrUtils attributable util + * @return list of matching users / groups + */ + public List findExisting( + final String uid, + final ConnectorObject connObj, + final ExternalResource resource, + final AttributableUtils attrUtils) { + + SyncPolicySpec syncPolicySpec = null; + if (resource.getSyncPolicy() != null) { + syncPolicySpec = resource.getSyncPolicy().getSpecification(SyncPolicySpec.class); + } + + SyncCorrelationRule syncRule = null; + List altSearchSchemas = null; + + if (syncPolicySpec != null) { + syncRule = getCorrelationRule(attrUtils.getType(), syncPolicySpec); + altSearchSchemas = getAltSearchSchemas(attrUtils.getType(), syncPolicySpec); + } + + return syncRule == null ? altSearchSchemas == null || altSearchSchemas.isEmpty() + ? findByAccountIdItem(uid, resource, attrUtils) + : findByAttributableSearch(connObj, altSearchSchemas, resource, attrUtils) + : findByCorrelationRule(connObj, syncRule, SubjectType.valueOf(attrUtils.getType().name())); + } + + public Boolean readEnabled(final ConnectorObject connectorObject, final ProvisioningTask task) { + Boolean enabled = null; + if (task.isSyncStatus()) { + Attribute status = AttributeUtil.find(OperationalAttributes.ENABLE_NAME, connectorObject.getAttributes()); + if (status != null && status.getValue() != null && !status.getValue().isEmpty()) { + enabled = (Boolean) status.getValue().get(0); + } + } + + return enabled; + } +} http://git-wip-us.apache.org/repos/asf/syncope/blob/65d652af/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/UserPushResultHandlerImpl.java ---------------------------------------------------------------------- diff --git a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/UserPushResultHandlerImpl.java b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/UserPushResultHandlerImpl.java index 61637a4..87d72e6 100644 --- a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/UserPushResultHandlerImpl.java +++ b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/sync/UserPushResultHandlerImpl.java @@ -27,7 +27,7 @@ import org.apache.syncope.common.lib.to.UserTO; import org.apache.syncope.common.lib.types.AttributableType; import org.apache.syncope.common.lib.types.PropagationByResource; import org.apache.syncope.common.lib.types.ResourceOperation; -import org.apache.syncope.core.persistence.api.entity.AttributableUtil; +import org.apache.syncope.core.persistence.api.entity.AttributableUtils; import org.apache.syncope.core.persistence.api.entity.Mapping; import org.apache.syncope.core.persistence.api.entity.MappingItem; import org.apache.syncope.core.persistence.api.entity.Subject; @@ -41,18 +41,18 @@ import org.identityconnectors.framework.common.objects.Uid; public class UserPushResultHandlerImpl extends AbstractPushResultHandler implements UserPushResultHandler { @Override - protected AttributableUtil getAttributableUtil() { - return attrUtilFactory.getInstance(AttributableType.USER); + protected AttributableUtils getAttributableUtils() { + return attrUtilsFactory.getInstance(AttributableType.USER); } @Override protected Subject deprovision(final Subject sbj) { - final UserTO before = userTransfer.getUserTO(sbj.getKey()); + final UserTO before = userDataBinder.getUserTO(sbj.getKey()); final List noPropResources = new ArrayList<>(before.getResources()); noPropResources.remove(profile.getTask().getResource().getKey()); - taskExecutor.execute(propagationManager.getUserDeleteTaskIds(before.getKey(), + taskExecutor.execute(propagationManager.getUserDeleteTasks(before.getKey(), Collections.singleton(profile.getTask().getResource().getKey()), noPropResources)); return userDAO.authFetch(before.getKey()); @@ -60,7 +60,7 @@ public class UserPushResultHandlerImpl extends AbstractPushResultHandler impleme @Override protected Subject provision(final Subject sbj, final Boolean enabled) { - final UserTO before = userTransfer.getUserTO(sbj.getKey()); + final UserTO before = userDataBinder.getUserTO(sbj.getKey()); final List noPropResources = new ArrayList<>(before.getResources()); noPropResources.remove(profile.getTask().getResource().getKey()); @@ -68,7 +68,7 @@ public class UserPushResultHandlerImpl extends AbstractPushResultHandler impleme final PropagationByResource propByRes = new PropagationByResource(); propByRes.add(ResourceOperation.CREATE, profile.getTask().getResource().getKey()); - taskExecutor.execute(propagationManager.getUserCreateTaskIds( + taskExecutor.execute(propagationManager.getUserCreateTasks( before.getKey(), enabled, propByRes, @@ -122,7 +122,7 @@ public class UserPushResultHandlerImpl extends AbstractPushResultHandler impleme @Override protected AbstractSubjectTO getSubjectTO(final long key) { try { - return userTransfer.getUserTO(key); + return userDataBinder.getUserTO(key); } catch (Exception e) { LOG.warn("Error retrieving user {}", key, e); return null;